
MailEnable 1.1 Enterprise Remote Code Execution

Author: Mati Aharoni

Date: 1 May 2005

-[ Product: MailEnable 1.1 Enterprise
-[ Version: 1.1
-[ OS: Windows
-[ Vendor: http://www.mailenable.com

Summary

The MailEnable IMAP server is vulnerable to a buffer overflow in the EXAMINE command, which can lead to remote code execution.

Problem

A remote buffer overflow exists in the MailEnable Enterprise 1.1 IMAP EXAMINE command, which allows post-authentication code execution. This vulnerability affects MailEnable Enterprise 1.1 *without* the ME-10009.EXE patch. For a proof of concept, see:
http://www.milw0rm.com/exploits/1378

Patches

The vendor was notified and a patch was released.
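
Added detection example, not part of the original advisory or the vendor's code: it scans client-to-server IMAP lines for EXAMINE commands whose mailbox argument (atom, quoted string, or declared literal size) is implausibly long. The 255-byte limit, the function names and the sample lines are assumptions; the advisory does not state the overflow length.

```python
import re

# Assumed threshold: the advisory gives no overflow length, so this limit is a
# tunable guess at "far longer than any legitimate mailbox name".
MAX_MAILBOX_LEN = 255

# tag SP "EXAMINE" SP mailbox, where mailbox is an IMAP astring (RFC 3501):
# a quoted string, a literal announcement {n}, or a bare atom.
_EXAMINE = re.compile(
    r'^(?P<tag>\S+) EXAMINE (?:"(?P<quoted>(?:[^"\\]|\\.)*)"'
    r'|\{(?P<literal>\d+)\+?\}|(?P<atom>\S+))\s*$',
    re.IGNORECASE,
)

def examine_arg_length(line):
    """Return the mailbox argument length of an EXAMINE command, else None."""
    m = _EXAMINE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    if m.group("literal") is not None:
        return int(m.group("literal"))  # declared size of the literal that follows
    if m.group("quoted") is not None:
        return len(re.sub(r'\\(.)', r'\1', m.group("quoted")))  # unescape \" and \\
    return len(m.group("atom"))

def flag_oversized_examine(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_number, tag, length) for each EXAMINE over the limit."""
    hits = []
    for n, line in enumerate(lines, 1):
        length = examine_arg_length(line)
        if length is not None and length > limit:
            hits.append((n, line.split(" ", 1)[0], length))
    return hits

# Constructed sample of client-to-server IMAP lines (not real traffic).
SAMPLE = [
    'a001 LOGIN user pass',
    'a002 EXAMINE INBOX',
    'a003 EXAMINE "Sent Items"',
    'a004 EXAMINE ' + 'A' * 1200,
    'a005 examine {4096}',
    'a006 SELECT ' + 'B' * 1200,
]

if __name__ == "__main__":
    for hit in flag_oversized_examine(SAMPLE):
        print("oversized EXAMINE: line %d tag %s length %d" % hit)
```

Because the flaw is post-authentication, a hit is worth correlating with the account that logged in on the same connection.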
